Using pfsense as a wifi gateway



  • Hi,
    I have several wireless APs that are deployed in a small business. Currently each AP filters MACs on the AP itself. I want to find a solution where I can have one system sitting between my APs and my trusted network to filter the MAC address for me. This way I don't have to type one MAC into 16 different APs.

    Is it possible to use pfsense to filter MACs when passing traffic from one interface to another?



  • Captive portal can do pass-through MAC authentication. Maybe that would work for you? Not sure why you would use MAC filtering and not a key, certificate or password based approach. What are you trying to achieve?



  • I am trying to create a simple device that just filters MACs. This pfsense box might also run havp and squid. The reason I don't want to use certificates or password based auth with RADIUS is because some devices connecting don't support cert or pass based auth, like maybe a Wii. Just MAC filtering would simply provide the security I am looking for.

    The APs could use other security. I was looking at the pf commands for MAC blocking and couldn't find anything that is natively supported in the stable release of pfsense. I could do it with iptables and create a web GUI for it, but again I would like pfsense. Maybe someone has done this before with something else like IPCop?



  • FreeBSD 7.1 added mac blacklisting via arp(8), so this would be available (from the command line) in the 1.2.3 snapshots. There is also arp white or blacklisting via wlan_acl (see ifconfig) for wireless interfaces. I suspect that no one has bothered to add these to the gui due to the fact that MAC addresses are easily spoofable.



  • An excellent solution, dotdash.
    Perhaps I could take a look at a snapshot and contribute a WebGUI for MAC filtering?



  • You could either create a diff and send it to someone on the core team, or create a git clone and submit the changes for review. You would just need to add an interface for the mac: commands and maybe have the wireless status also show the list mac output.

